How to put my kernels, initrd and entries in the boot/XBOOTLDR partition

s0dyy · May 15, 2022, 5:32pm

Hello,

I just switched to NixOS, and I can’t find the option (if it exists), to put my kernels, initrd and entries in my boot / XBOOTLDR partition.

On my old Linux distributions, I was following the systemd recommendations, which you can find here:

https://systemd.io/BOOT_LOADER_SPECIFICATION/

I have two partitions, /efi and /boot. I used the “boot.loader.efi.efiSysMountPoint = “/efi”” option at installation, everything works fine, and my hardware-configuration.nix file looks very good.

But I don’t have the expected result, my /boot partition contains only empty folders (EFI, machine-id, loader…), without my kernels, initrd and entries… Which are in my /efi partition… (and having several operating systems on my machine, I wish to have all my kernels/initrd on my XBOOTLDR partition, sorted neatly by machine-id folder).

I did not find a reference to the XBOOTLDR partition in the documentation / manual. Are there people in the same situation as me? Is there an option to configure this properly?

I’ll keep looking, hoping to get some feedback

s0dyy · May 15, 2022, 6:24pm

I had a quick look at the code of system-boot-builder.py.

github.com

NixOS/nixpkgs/blob/ea69f79829972187ecf6c1eaede4ce7a15d81736/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py

#! @python3@/bin/python3 -B
import argparse
import shutil
import os
import sys
import errno
import subprocess
import glob
import tempfile
import errno
import warnings
import ctypes
libc = ctypes.CDLL("libc.so.6")
import re
import datetime
import glob
import os.path
from typing import NamedTuple, List, Optional

class SystemIdentifier(NamedTuple):

This file has been truncated. show original

All configuration is done via “@efiSysMountPoint@” (so the /efi partition in my case).

I guess it’s not possible to do a clean ESP / XBOOTLOADER installation. Can anyone confirm this?

jottr · February 20, 2024, 9:41pm

I’m curious, since I’m having the exact same issue right now: were you ever able to figure this out?

colemickens · February 20, 2024, 9:50pm

I just installed a system recently with the help of the ancestor of this PR: nixos/systemd-boot: Add support for an XBOOTLDR partition by sdht0 · Pull Request #285401 · NixOS/nixpkgs · GitHub.

I think it would be a nice win to get it in. If you are a first-time NixOS user, on a modern laptop, looking to try a dual-boot, you are almost surely to run into this. And without the PR, it’s a really sticky spot to be in. Most users, especially new users, are not equipped to make a trailer ESP partition and Windows makes some of it trickier than it needs to be.

I think at this point it needs attention from likely busy maintainers/owners.

jottr · February 20, 2024, 10:07pm

Thank you for the lightning fast response!
I was actually just reading that very PR.
Since I’m new to NixOS I’m unsure how I should incorporate the changes from that PR into the installation process.
I’m trying to dual boot MacOS and NixOS.
Any pointers to get started would be highly appreciated.
I’m happy to share my partition layout and the relevant bits from /etc/nixos/*.nix if this helps.

sdht · February 20, 2024, 10:19pm

Here’s how I use it:

~~disabledModules = [ “system/boot/loader/systemd-boot/systemd-boot.nix” ];~~
~~imports = [ ./systemd-boot.nix ];~~

boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;

boot.loader.efi.efiSysMountPoint = "/efi";
boot.loader.systemd-boot.xbootldrMountPoint = "/boot";

~~And copy systemd-boot.nix and systemd-boot-builder.py from the PR.~~

EDIT: the feature is now available normally.

JohnRTitor · March 10, 2024, 8:46am

Does it work with lanzaboote as well?

ElvishJerricco · March 10, 2024, 8:48am

I’m pretty sure it should, yea. Lanzaboote still uses systemd-boot for the boot loader; it’s just the stub that’s been replaced by a lanzaboote thing.

JohnRTitor · March 11, 2024, 6:20pm

For lanzaboote, one is supposed to “forcefully disable” systemd-boot by

  boot.loader.systemd-boot.enable = pkgs.lib.mkForce false;
  
  # lanzaboote for secureboot
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/etc/secureboot";
  };

So I am wondering if it would work.
Anyways, how do I migrate from existing nix-boot partition setup to xbootldr? My primary windows EFI is at top of the file system. While nix boot partition is at the very bottom.

Since it’s merged into nixpkgs-unstable I think we can directly use it.

ElvishJerricco · March 11, 2024, 6:49pm

oh, right, lanzaboote has its own systemd-boot-builder style thing. So it actually probably won’t be able to do xbootldr stuff. My bad

colemickens · April 6, 2024, 2:51pm

Feel free to take a look at my config. This is the “workaround” I use for lanzaboote. If you scroll down you’ll see where I enable lanzaboote.

github.com

colemickens/nixcfg/blob/7b0fd8887131014c15fc7427e256819e3d8c0c21/hosts/zeph/configuration.nix#L118-L125


      
          "/efi/EFI/Linux" = {
            device = "/boot/EFI/Linux";
            options = [ "bind" ];
          };
          "/efi/EFI/nixos" = {
            device = "/boot/EFI/nixos";
            options = [ "bind" ];
          };

EDIT: huh, didn’t realize this was almost a month old. Regardless, maybe it helps someone stumbling into this thread later.

EDIT2: I forgot, this part is key, too:

github.com

colemickens/nixcfg/blob/7b0fd8887131014c15fc7427e256819e3d8c0c21/hosts/zeph/configuration.nix#L155


      
          #   forceImportAll = true;
          #   extraPools = [ "zfsin" ];
          # };
          bootspec.enable = true;
          lanzaboote = {
            enable = true;
            pkiBundle = "/etc/secureboot";
            configurationLimit = 50;
          };
          loader = {
            efi.efiSysMountPoint = "/efi";
            systemd-boot = {
              enable = lib.mkForce (config.boot.lanzaboote.enable != true);
              configurationLimit = lib.mkForce 3;
            };
          };
          kernelModules = [
            "iwlwifi"
            "iwlmvm"
            "mac80211"
            "cfg80211"